Have you ever tried to access a certain website only to have your browser say it is “Not Secure”?
Well, this is because it does not have a valid SSL (Secure Sockets Layer) certificate.
In this guide, I am going to share with you two amazing ways to install Cloudflare FREE SSL in WordPress.
Forget about the old days when you had to buy an SSL certificate, I’ll show you how to move your site from not secure (http) to secure (https) without spending a penny.
All you’ll need to do is sign up for Cloudflare, install Cloudflare’s flexible SSL plugin, enable and configure SSL settings and you’ll be good to go.
If you would rather not read, here’s a video…
Background
Cloudflare is a Content Delivery Network (CDN) whose main purpose is to serve your website content to your site visitors worldwide using their nearby infrastructure; servers.
Cloudflare DNS serves your website content to your visitors from their nearest location instead of sending requests to your web host or actual web server to your website.
This reduces the time the visitor has to request and receive information from your website.
I have been using Cloudflare’s SSL feature to secure several websites for years now and have never been disappointed by their service.
How to Install a Free SSL using Cloudflare
As mentioned earlier, I will show you two ways to install an SSL on your website using Cloudflare.
Both methods are cost-free and easy to set up in just five minutes.
Method One: Installing free SSL Cloudflare on WordPress Websites
This is a basic and pretty straightforward method to add https to your website.
Briefly, you’ll take these simple steps:
1. Sign up for Cloudflare and select the free plan
2. Add your domain
3. Install and activate Cloudflare flexible SSL plugin
4. Install WordPress https/SSL plugin
5. Configure the Cloudflare page rules
6. Change the WordPress site address
Let’s look at them in detail.
Step 1: Sign up for a Cloudflare free account
Visit the Cloudflare SSL page and select Cloudflare free plan (click the Activate for free button), this will redirect you to create an account if you haven’t already.
Step 2: Add your site domain to Cloudflare
Add your website’s URL, and then Cloudflare will go and look at your DNS configuration.
Cloudflare will query and fetch all settings from your DNS provider; including the A records and IP addresses.
Step 3: Change / Point Your Nameservers to Cloudflare
You will have to switch the nameserver / IP address from your domain registrar and point to the ones provided by Cloudflare.
These nameservers should look familiar to these: leia.ns.cloudflare.com and zeus.ns.cloudflare.com.
DNS modification may take a few minutes to hours (24).
This process updates the newly assigned nameservers (Cloudflare nameservers) in your domain registrar account.
This update sometimes takes about 10 minutes for me, however, it may also take several hours.
Step 4: Select the Flexible SSL
Under the Domain Cloudflare settings set the SSL/TLS mode to “Flexible” or “Full,” depending on your server’s SSL configuration.
Step 5: Install and activate the Cloudflare flexible plugin by iControlWP
On your WordPress dashboard, navigate to WordPress Plugins > Add new, search for then install and activate the Flexible SSL for Cloudflare.
Step 6: Install, activate and configure WordPress HTTPs plugin
After installing the flexible SSL plugin, search for the Really Simple SSL plugin; install and activate it.
After activating the plugin, follow the steps to enable SSL.
Step 7: Configure Cloudflare page rules
Once your nameservers update you’ll see a green bar in your Cloudflare account for that specific domain.
Now, one more thing to do is to configure the page rules settings.
Head to the Cloudflare tools tab under that specific domain, and at the top select page rules.
Select Always use HTTPs and then add your domain name as the page rule in between two asterisks, finally, click Add rule.
The really simple SSL plugin you installed should automatically change your address from http to https, but just in case that doesn’t happen, go to Settings > General and manually change it.
HTTPS is now Enabled
Congratulations !! You now have your WordPress website secure with your free SSL certificate.
You may also like: How To Design A Website Without Writing A Single Line Of Code
Method Two: Installing Cloudflare SSL free on Non-WordPress Websites
Step 1: Signup for Cloudflare free account
Repeat Steps 2 – 3; Add your site to Cloudflare & Change / Point Your Nameservers to Cloudflare (See in method One)
Step 4: Configure Always HTTPS
Once your nameservers update you’ll see a green bar in your Cloudflare account for that specific domain.
Now, one more thing to do is to configure the Crypto settings.
Locate on the Cloudflare tools bar, select the Crypto options, scroll way down to Always HTTPS and turn it on.
Step 4: Reload your website
At this step, your website will show secure from the browser and it will indicate https is installed and working fine.
At this step, you have managed to enable a secure version of your website.
However, let’s let’s take it a bit deeper and more secure with A+ bank level security using Cloudflare.
Step 5: Enable Bank Level Security
Still under the crypto tab, scroll down to HSTS, turn it on, also, enable it for subdomains, turn on preloads, and turn on the notice sniff header.
Step 6: Request HSTS preloader Inclusion
Next, head to HSTS preloader website (https://hstspreload.org/) to request for inclusion in the preloader.
Then enter your domain including https. (https://mywebsite.com).
Accept and submit.
Now, still under Crypto tab, go step up the minimum TLS version.
The default is 1.0 but you will have to set this to 1.2 which is a stronger implantation of transport layer security.
Next is to enable the latest version of TLS protocol for improved security and performance.
Still under Crypto, Head down TLS 1.3, and under drop-down, select Enabled-ORTT.
Step 6: Fix the Insecure Content browser error
Head back to the Cloudflare crypto tab, scroll down, locate Automatic HTTPS Rewrites and turn it on.
So here, Cloudflare will force any un-secure content on your website to be secure.
Everything will be redirected to HTTPS.
Step 7: Enable Full SSL Strict
This will Encrypt All Traffic from Browser, Cloudflare and Website Server.
Follow this video tutorial and see step-by-step how to enable full SSL strict via Cloudflare, generating and installing an SSL from Cloudflare to your web server.
Video by Troy Hunt.
Congratulations !! You now have your non-WordPress site running on HTTP(S)
In Closing
I’m pretty sure this guide will help you remove the not secure warning in the browser but more so, to secure your website.
You may try accessing your website on different browsers just to make sure that all is working as required.